(54) Packet encryption in a non-secure data communication system 

(57) Data is encrypted for transmission over a non-secure communications network by providing the data (D) with a header 
(H) and a trailer (T) portion containing full information as to the sender and recipient of the data so as to form a data packet 
(a), encoding the packet (HE, DE, TE; (b)), and providing the encoded packet (HE, DE, TE) with a further header (H') and 
trailer (T') portion to form a further packet (c). The further header and trailer portion only contain information identifying the 
entry and exit nodes at which the further packet enters and leaves the non-secure network. On arrival at the exit node the 
further packet can be decoded to reconstruct the original packet (b) which is then conveyed to its destination via a local 
secure network. 

Padding the non-secure network with dummy messages makes it impossible to identify the presence of genuine traffic 
between particular nodes of the non-secure network. Thus secure data may be sent via commercial non-secure packet 
switching networks without indicating its presence. 
At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy. 
Summary of the CHESS 'Selective Encryption' Architecture 

E.S.A. : End-System Address 
S.A. : Site Address 

Methods of Selective Encryption: 

1. Separate crypto-pair per site-to-site connection 

Advantages: 

- no crypto bypass (simpler) 
- more secure (chain-block cypher) 

Disadvantages: 

- more crypto devices 

2. Cryptos shared between several sites 

Advantages: 

- fewer crypto devices (and keys to manage) 

Disadvantages: 

- crypto bypass to be verified 

3. Separate crypto-pair per site-to-site connection, 
with Network Facilities 

4. Cryptos shared between several sites, 
with Network Facilities 

[Figure labels recovered from the drawing: PUBLIC WANS; PACKET SWITCH; PACKET GENERATOR; EXCHANGE; Address Conversion; site addresses and network facilities; UNTRUSTED; TRUSTED] 

Advantages: 

- fewer crypto devices (and keys to manage) 
- network facilities available 

Disadvantages: 

- crypto bypass to be verified 
A DATA COMMUNICATION SYSTEM 

This invention relates to data transmission systems, 
in particular secure data transmission systems in which data 
is encrypted for transmission over a non-secure data 
transmission network such as a packet switching network. 

In this specification, the word "data" encompasses 
digitally-encoded information of any type. It includes, but 
is not restricted to, alpha-numeric data such as ASCII; 
video; teletext; facsimile; speech; and digitally-encoded 
analogue signals e.g. telemetry. 

In this specification, the word "crypto" has been used 
as an abbreviation for "encryption device". 

As is known to those skilled in the art, in order to 
transmit data over a packet switching network it is 
necessary to produce a packet comprising a header portion, a 
data portion containing data to be transmitted, and a 
trailer portion. The header portion contains information 
identifying the destination of the packet, and may contain 
such additional information as is permitted by the packet 
switching network protocols, such as call redirection and 
ringback facilities. Where the data to be transmitted needs 
to be kept secure, it would be possible to encrypt the data 
per se: however it would not be possible to encrypt the 
header and trailer data as the packet switching network 
needs this header and trailer data to allow it to deliver 
the packet to the correct destination. In certain cases it 
would be undesirable for any information identifying the 
originator and/or recipient of the data to be transmitted 
over non-secure channels. The present invention arose from 
an attempt to overcome or mitigate these problems. 

According to the invention apparatus for encrypting 
data for transmission over a communications network 
comprises: means for generating a first packet comprising a 
header portion, an information-containing portion and a 
trailer portion, means for encrypting the first packet, and 
means for generating a second packet comprising a further 
header portion, the encrypted first packet, and a further 
trailer portion. 

According to a further aspect of the invention a 
communication system is provided in which data is encoded by 
such apparatus prior to being transmitted. 

In encrypting the first packet, the 
information-carrying portion may be encrypted separately from the header 
portion and trailer portion. 

The system may comprise a plurality of subscribers 
connected by a communications network via a plurality of 
nodes, at least one subscriber being associated with each 
node. Each node may include means for encrypting data in 
the manner referred to in the two preceding paragraphs for 
transmission to another node, and means for decrypting data 
for transmission to an associated subscriber. 

The further header portion need only contain data 
relating to the encrypting and the decrypting nodes. At 
least one node may allow communication between a pair of 
subscribers connected to that node. This avoids the need 
for those subscribers to use the non-secure communications 
network when communicating with each other. The header 
portion may contain information relating to the destination 
subscriber address. The header portion may also contain 
other information such as ring-back or redirect calls, or 
the security classification of the data. In at least one 
node the means for decrypting data may comprise a crypto 
bypass. The bypass may be used for non-secure traffic. 

At least one node may comprise a respective encryption 
device for communication between that node and each 
respective other node. This allows that node to communicate 
directly with all other nodes, each node having its own 
code. At least one node may comprise a respective 
encryption device for communication between that node and at 
least one respective group of other nodes. 

At least one node may comprise means for padding the 
traffic with dummy information. This ensures that the node 
is busy at all times, making it difficult to detect when 
genuine secure traffic is being conveyed. 

At least one node may function as an exchange node so 
that traffic between nodes has to pass via at least one 
exchange node. This can reduce the number of cryptos 
required. 

According to another aspect of the invention there is 
provided apparatus for decrypting a packet received from a 
communications network, the packet comprising an unencrypted 
first header portion, an encrypted first data portion, and 
an unencrypted trailer portion, the encrypted first data 
portion comprising an encrypted further packet comprising an 
encrypted second header portion, an encrypted second data 
portion and an encrypted second trailer portion, the 
apparatus comprising means to decrypt the encrypted further 
packet to produce an unencrypted further packet, the 
unencrypted further packet comprising the unencrypted second 
header portion, the unencrypted second data portion, and the 
unencrypted second trailer portion. 

According to yet another aspect of the invention a 
method of encrypting data for transmission over a 
communications network comprises the steps of:- 

(a) generating a first packet comprising a header portion, 
an information-containing portion and a trailer portion; 

(b) encrypting the first packet; 

(c) generating a second packet comprising a further header 
portion, the encrypted first packet, and a further trailer 
portion. 

According to a still further aspect of the invention 
there is provided a method of decrypting a packet received 
from a communications network, the packet comprising an 
unencrypted first header portion, an encrypted first data 
portion, and an unencrypted trailer portion, the encrypted 
first data portion comprising an encrypted further packet 
comprising an encrypted second header portion, an encrypted 
second data portion and an encrypted second trailer portion, 
the method comprising the steps of:- 

(a) extracting the encrypted first data portion from the 
packet to obtain the encrypted further data packet; 

(b) decrypting the encrypted further data packet; 

(c) generating a decrypted further packet comprising the 
unencrypted second header portion, the unencrypted second 
data portion, and the unencrypted second trailer portion. 

The invention will now be described in more detail 
with reference to the drawings in which: 

Figure 1 shows a diagram illustrating a method of data 
encryption in accordance with the invention; 

Figure 2 shows a communication system in accordance 
with the invention; 

Figures 3 and 4 show part of Figure 2 in more detail; 

Figure 5 shows a first example of a secure site in 
accordance with the invention; 

Figure 6 shows a second example of a secure site in 
accordance with the invention; 

Figure 7 shows a third example of a secure site in 
accordance with the invention; 

Figures 8a and 8b show an example of a secure site in 
accordance with the invention in more detail; 

Figure 9 shows diagrammatically four methods of 
selective encryption; 

Figure 10 shows a first method of selective encryption 
in accordance with the invention; 

Figure 11 shows a second method of selective 
encryption in accordance with the invention; 

Figure 12 shows a third method of selective encryption 
in accordance with the invention; 

Figure 13 shows a fourth method of selective 
encryption in accordance with the invention; 
Figure 14 shows a diagram illustrating methods of data 
encryption. 

A method of encrypting data in accordance with the 
invention will now be described with reference to Figure 1. 
Figure 1(a) shows in diagrammatic form a data packet 
suitable for transmitting over a packet switching network. 
The packet consists of a header portion H, a data portion D, 
and a trailer portion T. The header portion H contains 
information identifying the sender of the data and the 
address of the subscriber to which the data is to be sent. 
It may also contain additional information such as call 
redirection etc. In order to make the whole of this 
information secure, the entire packet is encrypted. In 
Figure 1(b), HE, DE, and TE represent the encrypted header, 
data, and trailer portions respectively. As all the 
information contained in the packet has been encrypted, the 
packet cannot now be sent over a conventional packet 
switching system as it stands because the header 
information, being encrypted, cannot be understood by the 
conventional packet switching system. Accordingly this 
encrypted packet is provided with a further header and 
trailer, the further header and trailer containing 
sufficient information to allow the packet to be transmitted 
from the node at which encryption takes place to a further 
node at which decryption takes place. The final data packet 
is shown in Figure 1(c) in which H' indicates the further 
header, T' indicates the further trailer, and HE, DE, and TE 
are as in Figure 1(b). 

Figure 2 shows a data transmission system in 
accordance with the invention. Each site 1, 2, 3, 4 is a 
secure site. The sites are shown diagrammatically in Figure 
2. Each node includes the private MLS access control and 
the private crypto, as well as the public X.25 addresses. A 
site is shown in greater detail in Figure 3. The concentric 
circles in Figures 2 and 3 indicate the various features of 
the sites. Site 1 comprises a node 1 to which a number of 
subscribers 11, 12, 13, 14, 15, 16 are connected. The node 
functions as an exchange which provides secure 
communications between any pair of its subscribers without 
necessarily requiring encryption. It also acts as an 
interface between the subscribers and a wide area network 
(WAN) to allow subscribers to communicate with subscribers 
in other secure sites via their respective nodes by 
encrypting data prior to transmitting it over the WAN. This 
is effected by encoding the data prior to transmission in 
the way described with reference to Figure 1. 
Say a subscriber 11 at site 1 wishes to communicate 
with subscriber 26 at site 2. A message sent from 
subscriber 11 arrives at node 1 and is converted into a data 
packet whose header contains, inter alia, information 
regarding the End System Address (ESA) of the recipient 26. 
This data packet is encrypted as described with reference to 
Figure 1 to produce a further data packet having a clear 
(unencrypted) header and trailer. This header and trailer 
only contains Site Address (SA) information, i.e. 
information identifying the node 1 via which the packet 
enters the WAN, and the node 2 via which the packet leaves 
the WAN. On arrival at node 2, the packet is decrypted, and 
node 2 now forwards the data to the recipient subscriber 26. 
Should the packet be mis-routed or intercepted during its 
passage over the WAN, then its unintended recipient will 
only be able to identify the nodes at which the packet 
entered and left the WAN, and will not be able to identify 
the originator or recipient of the data. By ensuring that 
the system transmits dummy data between nodes in the absence 
of genuine traffic, an unauthorised recipient would not even 
be able to gain any useful information as to the amount of 
traffic passing between pairs of nodes. 
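
The encapsulation of Figure 1 and the site 1 to site 2 exchange just described, as an added Python example that is not part of the patent. The byte layout of H, T, H' and T', the fixed 128-byte frame, the dummy flag, the CRC-32 trailers, the authentication tag and the HMAC-SHA256 stand-in for the crypto device are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import zlib

FRAME = 128            # assumed fixed first-packet size, so all traffic has one length
GENUINE, DUMMY = 1, 0  # assumed flag, carried only inside the encrypted header
LINK_KEY_1_2 = bytes(range(32))  # constructed key for the site 1 <-> site 2 crypto pair


def build_first_packet(src_esa, dst_esa, data, kind=GENUINE):
    """Figure 1(a): header H (end-system addresses), data D, trailer T."""
    header = struct.pack(">BHHH", kind, src_esa, dst_esa, len(data))
    trailer = struct.pack(">I", zlib.crc32(header + data))
    packet = header + data + trailer
    if len(packet) > FRAME:
        raise ValueError("data too long for one frame")
    return packet + bytes(FRAME - len(packet))  # zero fill up to FRAME


def parse_first_packet(packet):
    """Return (src_esa, dst_esa, data), or None for a dummy padding packet."""
    kind, src_esa, dst_esa, n = struct.unpack(">BHHH", packet[:7])
    (crc,) = struct.unpack(">I", packet[7 + n:11 + n])
    if crc != zlib.crc32(packet[:7 + n]):
        raise ValueError("bad inner trailer")
    return None if kind == DUMMY else (src_esa, dst_esa, packet[7:7 + n])


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # Stand-in for the site's crypto device: HMAC-SHA256 in counter mode.
    # Illustrative only; a real node would use a vetted cipher.
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(link_key, entry_sa, exit_sa, first_packet):
    """Figure 1(b) and (c): encrypt all of H, D, T, then add clear H' and T'."""
    outer_header = struct.pack(">HH", entry_sa, exit_sa)  # site addresses only
    nonce = os.urandom(16)
    sealed = nonce + _xor_stream(_subkey(link_key, b"enc"), nonce, first_packet)
    # The tag also covers H', so a rewritten site address is detected.
    tag = hmac.new(_subkey(link_key, b"mac"), outer_header + sealed,
                   hashlib.sha256).digest()
    body = sealed + tag
    outer_trailer = struct.pack(">I", zlib.crc32(outer_header + body))
    return outer_header + body + outer_trailer


def decapsulate(link_key, wire):
    """Exit node: check T', authenticate, decrypt, return the first packet."""
    outer_header, body, outer_trailer = wire[:4], wire[4:-4], wire[-4:]
    if struct.unpack(">I", outer_trailer)[0] != zlib.crc32(outer_header + body):
        raise ValueError("bad outer trailer")
    sealed, tag = body[:-32], body[-32:]
    expected = hmac.new(_subkey(link_key, b"mac"), outer_header + sealed,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(link_key, b"enc"), sealed[:16], sealed[16:])


def observer_view(wire):
    """All the WAN or an interceptor can read: site addresses and length."""
    entry_sa, exit_sa = struct.unpack(">HH", wire[:4])
    return entry_sa, exit_sa, len(wire)


def demo():
    """Subscriber 11 at site 1 to subscriber 26 at site 2, plus one dummy."""
    message = b"constructed sample message"
    genuine = encapsulate(LINK_KEY_1_2, 1, 2, build_first_packet(11, 26, message))
    filler = build_first_packet(0, 0, os.urandom(len(message)), DUMMY)
    return genuine, encapsulate(LINK_KEY_1_2, 1, 2, filler)


if __name__ == "__main__":
    genuine, dummy = demo()
    print(observer_view(genuine), observer_view(dummy))
    print(parse_first_packet(decapsulate(LINK_KEY_1_2, genuine)))
    print(parse_first_packet(decapsulate(LINK_KEY_1_2, dummy)))
```

Because every first packet is filled to the same frame size before encryption, a genuine packet and a dummy one present the same site addresses and the same length on the WAN; only the exit node, after decryption, can tell them apart.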

In the arrangement shown, the provision of a number of 
alternative WANs provides a high degree of system 
reliability in that, should one WAN fail, then alternative 
routes are available via the other WANs. If different WANs 
have different price structures, it also allows the user to 
select the most economical route for any particular message. 

Figure 3 shows a site in more detail. The blocks 
identified as "access control and selective encryption" 
correspond to the nodes of Figure 2 and allow a two-way flow 
of information between the private end-systems (subscribers) 
and the WANs. The optional selective crypto bypass provides 
a direct route for information such as address and 
additional functions information which is required to be 
conveyed directly between the INTERFACE TO PUBLIC WANs and 
the PRIVATE X.25 ROUTING & ACCESS CONTROL without passing 
through the PRIVATE ENCRYPTION. Such a bypass will in 
practice only be implemented if it can be ensured that 
nothing but the address &c. information can be conveyed via 
the bypass. The Private Routing & Access Control serves to 
allow the end-systems to communicate with other end-systems 
at the same site as well as with end-systems at other sites. 

Figure 4 shows the same information as Figure 3 but 
the concentric circles have been omitted for clarity. 

Figure 5 shows a first example of a secure site in 
greater detail. The WAN interface consists of a packet 
generator/switch which generates packets in a form suitable 
for transmission over any of WAN1 - 3, each of which 
consists of a packet switching network. The PRIVATE X.25 
ROUTING & ACCESS CONTROL may be implemented by a suitably 
programmed computer. A plurality of customer's encryption 
devices are provided. Each device may serve only one link 
between the site and one other site, or a single device may 
be used for a group of two or more sites. Each end-system 
(subscriber) has a different security rating. If desired, 
information concerning this rating may be included in the 
encrypted header data. 

Figure 6 shows a second example of a secure site in 
greater detail. This example includes a crypto bypass for 
suitable unclassified traffic. The bracketed functional 
blocks indicated by SCP2 CHESS may be implemented by a 
suitably programmed computer. 

Figure 7 shows a third example of a secure site in 
greater detail. Encryption is performed in two stages. 
SELECTIVE ENCRYPTION encrypts the data only. 

Figures 8a and 8b show a secure site in even greater 
detail. To provide greater security, traffic padding is 
provided to generate dummy messages in the absence of useful 
information. An audit trail is generated for analysis of 
attempted breaches of security. It should be noted that 
block Z "private encryption" shown in Figure 8a has been 
duplicated in Figure 8b and that the site only has one such 
block. 

Figure 9 illustrates in diagrammatic form various 
methods of selective encryption in accordance with the 
invention, which methods are illustrated in detail in 
Figures 10-13. 

Figures 10 to 13 each show one site, denoted site 1 in 
each case, of a system consisting of six sites. 

Figure 10 illustrates a site in accordance with method 
1. Each inter-site link is allocated its own crypto. The 
cryptos are indicated by Z2 to Z6, Z2 being used for 
communication between sites 1 and 2, and so on. 

Figure 11 illustrates a site in accordance with method 
2. Only two cryptos are provided, Z2-3 being used for 
communication between site 1 and both sites 2 and 3, Z4-6 
being used for communication between site 1 and the 
remaining sites. While this uses fewer cryptos, it does 
necessitate the provision of a crypto bypass for conveying 
the site address information. 

Figure 12 illustrates a site in accordance with method 
3. This is similar to Figure 10 in that each inter-site 
link has its own crypto, but a crypto bypass is provided for 
network facilities. 

Figure 13 illustrates a site in accordance with method 
4. This is similar to Figure 11, but the crypto bypass 
conveys both site address and network facilities 
information. 

Figure 14 illustrates different types of selective 
encryption, type 2 being in accordance with the invention. 
The type 2 encryption allows the end user packet to 
implement the full range of facilities available under the 
X.25 packet switching protocol. 

In the arrangements described so far, any given node 
has been able to communicate directly with any other node. 
While this allows maximum system flexibility, it does suffer 
the disadvantage of requiring a large number of cryptos, and 
this number increases rapidly as more nodes are connected to 
the network. The number of cryptos can be considerably 
reduced by using a small number of nodes as exchanges such 
that communication between nodes has to be routed via one or 
more of these exchange nodes. It is then only necessary to 
provide each node with a crypto which will allow it to 
communicate with its exchange node or nodes. Thus in Figure 
2, node 1 could be the designated exchange node, and all 
secure traffic between nodes 2, 3 and 4 would be routed via 
node 1. Alternatively nodes 1 and 2 could be designated 
exchange nodes so that direct secure communication between 
nodes 3 and 4 was not possible. However, nodes 3 and 4 
could communicate either via node 1 or via node 2, or indeed 
via both node 1 and node 2. This would allow an increased 
degree of flexibility and reliability over a single exchange 
system, as the system could still function in the event of 
failure of one of the exchange nodes. Provision could be 
made to permit non-secure traffic to be routed directly 
between nodes rather than passing via a secure traffic 
exchange node. 

Management facilities available in conjunction with 
the invention include 

- setting access control permissions, archiving audit 
trails; 

- choice of 
  - central facility with local fallback; 
  - local facility mandated for some users 
    or sites; 

- central facility collates user directory except 
'ex-directory' users or sites; 

- choice of several central facilities for 
survivability; 

- independent survivable central facilities for each 
sub-group of sites; 

- CHESS management data/commands use main data network 
(preserving 'trusted path'). 

Arrangements in accordance with the invention may be 
implemented with the use of suitably programmed secure 
computers such as SCP2 CHESS to effect the necessary 
encoding and decoding. This is particularly advantageous, 
as it facilitates subsequent reconfiguration of the system, 
for example, to accommodate additional sites and additional 
facilities. It provides a secure communication link between 
sites over existing non-secure communications networks, 
thereby avoiding the need for, and expense of, a discrete 
dedicated secure network, and allows all the encryption and 
decrypting arrangements to be located on-site. 

The invention may be used in any application, 
including business and military communications, in which it 
is essential that information be securely and reliably 
transmitted between sites. 

The invention may be used in conjunction with 
single-level, system high, or multi-level end systems. 
Systems in accordance with the invention may be certified to 
recognised assurance levels. 

While the invention has been described with reference 
to the embodiments shown in the drawings, it is not 
restricted to the particular embodiments shown. For 
example, although communication between sites is described 
as being possible via one of a plurality of WANs, it is only 
necessary that at least one WAN be present. Further, 
communications networks other than WANs may be used, for 
example LANs or broadcast communications networks. Further, 
the invention is not restricted to communication using 
packet switching networks, but can be used with any other 
communication system in which information to be conveyed is 
associated with information indicating the destination 
and/or origin of the information. Further, while the clear 
header has been described as containing only site address 
information, it may be possible in some circumstances to 
include additional information. Further, while the header 
has been described as containing site address information 
and possibly additional information, at least some of this 
information could be contained in the trailer. Further, 
while methods in accordance with the invention have been 
described as a sequence of steps, at least some of these 
steps may be performed simultaneously rather than 
sequentially. 

Further, it may not be necessary for every data packet 
of a transmission to be provided with information regarding 
the entry and exit nodes of the communications network and 
the sender and the recipient of the data. It may only be 
necessary for the initial packet or packets of the 
transmission to contain the routing information necessary to 
establish a communications link between subscribers. Once 
the link has been established, some or all of this routing 
information can be omitted from subsequent packets, the 
subsequent packets being conveyed over the link so 
established for the duration of the transmission. 
CLAIMS 

1. Apparatus for encrypting data for transmission over a 
communications network comprising:- 

means for generating a first packet comprising a header 
portion, an information-containing portion and a trailer 
portion; 

means for encrypting the first packet; and 

means for generating a second packet comprising a further 
header portion, the encrypted first packet, and a further 
trailer portion. 

2. Apparatus as claimed in claim 1 in which the means for 
encrypting the first packet encrypts the 
information-containing portion separately from the header portion and 
trailer portion. 

3. A communications system comprising a plurality of 
subscribers connected by a communications network via a 
plurality of nodes, at least one subscriber being associated 
with each node; each node including apparatus for encrypting 
data as claimed in claim 1 or claim 2 for transmission to 
another node and means for decrypting data for transmission 
to an associated subscriber. 

4. A system as claimed in claim 3 in which the further 
header portion contains data relating to the encrypting and 
the decrypting nodes. 

5. A system as claimed in claim 3 or 4 in which at least 
one node also allows communication between a pair of 
subscribers connected to that node. 

6. A system as claimed in any one of claims 3 to 5 in which 
the header portion contains information relating to the 
destination subscriber address. 

7. A system as claimed in claim 6 in which the header 
portion also contains other information. 

8. A system as claimed in any one of claims 3 to 7 in which 
for at least one node the means for decrypting data 
comprises a crypto bypass. 

9. A system as claimed in any one of claims 3 to 8 in which 
at least one node comprises a respective encryption device 
for communication between the one node and each respective 
other node. 

10. A system as claimed in any one of claims 3 to 9 in 
which at least one node comprises a respective encryption 
device for communication between the one node and at least 
one respective group of other nodes. 

11. A system as claimed in any one of claims 3 to 10 in 
which at least one node comprises traffic padding means. 

12. A system as claimed in any one of claims 3 to 11 in 
which at least one node functions as an exchange node such 
that encrypted traffic between nodes is routed via at least 
one exchange node. 

13. Apparatus for decrypting a packet received from a 
communications network, the packet comprising an unencrypted 
first header portion, an encrypted first data portion, and 
an unencrypted trailer portion, the encrypted first data 
portion comprising an encrypted further packet comprising an 
encrypted second header portion, an encrypted second data 
portion and an encrypted second trailer portion, the 
apparatus comprising means to decrypt the encrypted further 
packet to produce an unencrypted further packet, the 
unencrypted further packet comprising the unencrypted second 
header portion, the unencrypted second data portion, and the 
unencrypted second trailer portion. 

14. A method of encrypting data for transmission over a 
communications network comprising the steps of:- 

(a) generating a first packet comprising a header portion, 
an information-containing portion and a trailer portion; 

(b) encrypting the first packet; 

(c) generating a second packet comprising a further header 
portion, the encrypted first packet, and a further trailer 
portion. 

15. A method as claimed in claim 14 in which in step (b) 
the information-containing portion is encrypted separately 
from the header portion and trailer portion. 

16. A method of decrypting a packet received from a 
communications network, the packet comprising an unencrypted 
first header portion, an encrypted first data portion, and 
an unencrypted trailer portion, the encrypted first data 
portion comprising an encrypted further packet comprising an 
encrypted second header portion, an encrypted second data 
portion and an encrypted second trailer portion, the method 
comprising the steps of:- 

(a) extracting the encrypted first data portion from the 
packet to obtain the encrypted further data packet; 

(b) decrypting the encrypted further data packet; 

(c) generating a decrypted further packet comprising the 
unencrypted second header portion, the unencrypted second 
data portion, and the unencrypted second trailer portion. 

17. A communications system substantially as described with 
reference to the accompanying drawings. 

18. A method of encrypting data substantially as described 
with reference to the accompanying drawings. 